Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45230 | 1 Apache | 1 Airflow | 2024-11-21 | 6.5 Medium |
| In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. | ||||
| CVE-2021-45111 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.1 High |
| Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | ||||
| CVE-2021-45101 | 1 Wisc | 1 Htcondor | 2024-11-21 | 8.1 High |
| An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data. | ||||
| CVE-2021-45099 | 1 Ssh \& Web Terminal Project | 1 Ssh \& Web Terminal | 2024-11-21 | 8.8 High |
| The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations | ||||
| CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 9.8 Critical |
| Stormshield Endpoint Security before 2.1.2 allows remote code execution. | ||||
| CVE-2021-45042 | 1 Hashicorp | 1 Vault | 2024-11-21 | 4.9 Medium |
| In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. | ||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2024-11-21 | 7.7 High |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | ||||
| CVE-2021-44954 | 1 Qvis | 4 Dvr, Dvr Firmware, Nvr and 1 more | 2024-11-21 | 7.8 High |
| In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. | ||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | ||||
| CVE-2021-44757 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 9.1 Critical |
| Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server. | ||||
| CVE-2021-44750 | 2 F-secure, Microsoft | 6 Client Security, Countercept, Elements and 3 more | 2024-11-21 | 6.4 Medium |
| An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands. | ||||
| CVE-2021-44747 | 1 F-secure | 5 Atlant, Elements Endpoint Protection, Internet Gatekeeper and 2 more | 2024-11-21 | 4.6 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | ||||
| CVE-2021-44746 | 1 Nec | 9 Univerge Dt800 Data Maintenance Tool, Univerge Dt820, Univerge Dt820 Firmware and 6 more | 2024-11-21 | 5.3 Medium |
| UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained. | ||||
| CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | ||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 7.8 High |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | ||||
| CVE-2021-44650 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 7.2 High |
| Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | ||||
| CVE-2021-44596 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 9.8 Critical |
| Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | ||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2024-11-21 | 8.1 High |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | ||||
| CVE-2021-44547 | 1 Odoo | 1 Odoo | 2024-11-21 | 9.1 Critical |
| A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | ||||
| CVE-2021-44526 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | ||||